Netmask is 255.255.255.0 on all machines. Point is that the WinXP machine is being given a redirect by the Linux firewall and that is being ignored, either due to inability of WinXP or some misconfiguration by me. Sanjay. --- Stephen Samuel <samuel@bcgreen.com> wrote: > What are the netmasks for the two machines?? If you > give them a /18 > (or a /16) netmask and the associated broadcast > addresses, then they'll > know to just talk directly to each other. > > Of course, I barely trust Windows to understand > netmasks, but it > should be OK -- far better than trying to get it to > accept ICMP > redirects. > > > Sanjay Arora wrote: > > Network Scenario: RH 8 Linux Firewall Server using > three ethernet cards, > > IPs 172.16.0.141 (connected to Cable Ethernet ISP > doing NAT), > > 192.168.200.1 connected to an ethernet hub, & > 192.168.100.1 (presently > > not being used). Using a hub two lans are > connected to 192.168.200.1, > > each presently having one machine each having IP > addresses 192.168.200.2 > > (Windows XP machine, having Gateway address of > 192.168.200.1 in TCP/IP > > settings) and 192.168.250.1 (RH8 Linux Server, > again having > > 192.168.200.1 as GW address). > > > > 1. When I ftp from 192.168.200.2 (WinXP) to > 192.168.250.1 (RH Linux File > > Server), the firewall shows an error message > saying that WinXP machine > > is ignoring redirects to 192.168.250.1 The > transfer speed is also around > > 3.5 MB instead of full 10 MB which I get between > the two Linux Servers. > > What's the reason? What do I do to correct this > behaviour? > > > > 2. The RH fileserver machine is very > underutilized. I am thinking of > > putting another ethernet card in it and connect is > to the cable ISP and > > Firewall server using a hub. I plan to put a > firewall on the new > > ethernet/IP address denying all outgoing packets > and put a sniffer on > > it. What are the security implications of this? > Mind the IP that sniffer > > is running on is denying all outgoing traffic and > dropping all incoming > > traffic and providing no services at all. On the > other hand the machine > > is inside the firewall.... a compromise here would > provide direct access > > to all local network resources. Is a compromise > possible on an IP that > > denies all traffic inbound and outbound? Should I > waste one machine for > > this task on my proposed small network (less than > 20 machines)? > > > > With thanks in advance ;-)) > > Sanjay. > > > -- > Stephen Samuel +1(604)876-0426 > samuel@bcgreen.com > http://www.bcgreen.com/~samuel/ > Powerful committed communication. Transformation > touching > the jewel within each person and bring it to > life. > __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
